Local privilege escalation in pkexec, a core Linux system component

Posted on January 25, 2022 in Operating Systems

Summary

A local privilege escalation bug (from any user to root) has been found in polkit's pkexec, and exploit code is available. This binary is a SUID root program available on every major Linux distro, and is most commonly installed if a GUI is present. The flaw has been assigned a bug alert severity of 'very high'.

Details

On Tuesday, January 25th, 2022, Qualys published a blog post detailing an issue they identified within pkexec, a core component of polkit (formerly known as PolicyKit). In the time since Qualys disclosed this issue, exploit code has been made available. The pkexec binary is most commonly installed with Linux GUI components and may not be present on servers that run 'minimal' OS installs. This post will be updated as more information becomes available.

PwnKit, as this vulnerability is being called, has been assigned CVE-2021-4034. Patches are available now for most Linux distributions.
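
A read-only inventory check for the exposure described above, as an added example that is not part of the original notice: it reports whether a pkexec binary is present in a directory and whether it carries the setuid bit and is owned by root. The function names and the default directory list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: report whether pkexec is installed as a SUID-root binary.
# Read-only: it inspects file metadata and changes nothing.

# classify_pkexec FILE -> prints one of: absent, no-suid, suid-nonroot, suid-root
classify_pkexec() {
    f=$1
    [ -f "$f" ] || { echo absent; return 0; }
    [ -u "$f" ] || { echo no-suid; return 0; }    # -u: setuid bit is set
    owner=$(ls -ldn -- "$f" | awk '{print $3}')   # numeric uid of the owner
    if [ "$owner" = "0" ]; then
        echo suid-root
    else
        echo suid-nonroot
    fi
}

# audit_pkexec [DIR...] -> prints "STATE PATH" for each pkexec found;
# returns 1 if any of them is SUID root, 0 otherwise.
# The default directories are an assumption about common layouts.
audit_pkexec() {
    [ "$#" -gt 0 ] || set -- /usr/bin /usr/local/bin
    rc=0
    for d in "$@"; do
        state=$(classify_pkexec "$d/pkexec")
        if [ "$state" != absent ]; then
            echo "$state $d/pkexec"
            if [ "$state" = suid-root ]; then rc=1; fi
        fi
    done
    return "$rc"
}

# Stand-alone run against the default directories.
audit_pkexec || echo "SUID-root pkexec present: verify the polkit update for CVE-2021-4034 is installed"
```

A patched pkexec is still SUID root, so a `suid-root` result only confirms the binary is present; the installed polkit package version still has to be compared with the distribution's fixed version.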

Thank you to Matt Cobb for reporting this issue.

This was Bug Alert's first notice. If you have feedback (did you agree/disagree that a notice should have been sent?) or questions, please comment on the discussion thread linked below. This notice cost the project approximately $120 USD to send. If you would like to support the project, you can learn more here.


Additional vulnerability discussion can be found on GitHub.
Have information to contribute? Make a pull request!